Welcome to the first Cloud CISO Perspectives for March 2024. Today I’ll be highlighting a section from our newest Perspectives on Security for the Board report, focusing on the importance of developing psychological resilience in cybersecurity leadership. As with all Cloud CISO Perspectives, the contents of this newsletter …
The stakes have never been higher for managing cloud risks. With organizations of every size and in every industry pursuing cloud-first strategies, the cloud is now home to their most critical applications and data. Adversaries have picked up on this ongoing shift, too: APT groups known for regularly targeting …
As cyber threats and risks continue to evolve, robust security is more than just an IT issue — it is imperative for business success and continuity. To help you better understand the current cybersecurity landscape, including guidance on regulatory changes and the latest threat intelligence, we bring you the first …
Creating and managing the security of Kubernetes clusters is a lot like building or renovating a house. Both require making concessions across many areas when trying to find a balance between security, usability and maintainability. For homeowners, these choices include utility and aesthetic options, such as installing floors, fixtures …
Welcome to the second Cloud CISO Perspectives for February 2024. Today, Charley Snyder, a Google expert on the intersection of security and public policy, talks about our announcements at February’s Munich Security Conference — and why the conference plays a vital role in public policy conversations. As with all …
Cybercriminals often use lateral movement techniques when exploring a compromised network to slide sideways, from devices to applications, as they hunt for vulnerabilities, escalate access privileges, and seek to reach their ultimate target. Research published today by Palo Alto Networks highlights several techniques that exploit misconfigurations which could allow …
As developers use Vertex AI, Google Cloud’s end-to-end AI platform that includes intuitive tooling to build the next generation of AI applications, IT teams are called on to bolster cloud infrastructure security. Aligned with the Secure AI Framework (SAIF) we introduced last year, we want to share approaches …
Securing cloud credentials has emerged as a challenge on the scale of Moby Dick: It presents an enormous problem, and simple solutions remain elusive. Credential security problems are also widespread: More than 69% of cloud compromises were caused by credential issues, including weak passwords, no passwords, and exposed APIs …
From the front lines of cyber investigations, the Mandiant Managed Defense team observes how cybercriminals find ways to avoid defenses, exploit weaknesses, and stay under the radar. We work around the clock to develop new techniques to identify attacks and stop breaches for our clients. Our aim is to …
Monitoring microservices in the cloud has become an increasingly cumbersome exercise for teams struggling to keep pace with developers’ rapid application release velocity. One way to make things easier for overloaded security teams is to use the open-source runtime security platform Falco to quickly identify suspicious behavior in Linux …
Welcome to the first Cloud CISO Perspectives for February 2024. Today I’ll be looking at our latest Threat Horizons report, which provides a forward-thinking view of cloud security with intelligence on emerging threats and actionable recommendations from Google's security experts. As with all Cloud CISO Perspectives, the contents …
In Germany, public procurement can be a highly complex and time-consuming process. More than 30,000 procurement entities vie for contracts across a fragmented regulatory landscape, with different rules applying at the federal, state, and municipal levels. Since public procurement procedures are often time-consuming, particularly for large or high-value …
In Germany, public procurement can be a highly complex and time-consuming process. More than 30,000 procurement entities vie for contracts across a fragmented regulatory landscape, with different rules applying at the federal, state, and municipal levels. Since public procurement procedures are often time-consuming, particularly for large or high-value …
With less than one year to prepare for the EU Digital Operational Resilience Act (Regulation (EU) 2022/2554 - ‘DORA’) coming into force, today we are sharing more information about how Google Cloud plans to support financial entities with their DORA compliance. As an organization, we are committed to DORA …
Editor’s note : The post is part of a series showcasing partner solutions that are Built with BigQuery. Today, it’s data that powers the enterprise, helping to provide competitive advantage, inform business decisions, and drive innovation. However, accessing high-quality data can be costly and time-consuming, and using it …
Welcome to the second Cloud CISO Perspectives for January 2024. In this edition, I’m turning the mic over to Yousif Hussin, who as a member of Google’s Vulnerability Coordination Center led our response to the recent serious zero-day CPU vulnerability Reptar. He talks about what important lessons …
Google Cloud’s Organization Policy Service can help you control resource configurations and establish guardrails in your cloud environment. And with custom organization policies, a powerful new extension to Organization (Org) Policy Service, you can now create granular resource policies to help address your cloud governance requirements. This new …
How effective is security technology at keeping your organization safe? While quantifying the investment return on security technology can be tricky, understanding the ROI of security products is crucial information for organizations to make informed decisions about resource allocation, strategy adjustments, and to get buy-in from financial approvers. With …
Welcome to the first Cloud CISO Perspectives of the year, and the first of our two newsletters for January. Today I’ll be discussing some of the important changes to the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules as outlined by the U.S. Securities and Exchange …